Not what you are looking for? Ask the experts!

Large numbers of UDP packet blocks & other blocks reporting

There have been several dozen (if not several hundred) of these hits on Norton's 'Recent Activity' log in the past 3 days. They often occur in groups of 5-15 hits, all within seconds of eachother, and then might not occur for another 2-5 minutes before another burst occurs.

I connect to the internet via a router that runs from my father's PC, and also runs internet supply to my sister's PC. I have not checked her machine, but Norton on my father's machine reports several blocks on the 'Open Port" (which I believe is our Wireless port.) We are not 'networked' together, according to him. I am unsure if his blackberry/ipod might be using the wireless connection, which is his guess. I'm something of a 'how it works' novice, so I have no clue what's really going on there.

Any advice/tips would be greatly appreciated. I would love some peace of mind.

Re: Large numbers of UDP packet blocks & other blocks reporting

Because Norton logs everything, you end up with a soup of firewall entries. The unauthorized access blocked is not a threat to your machine. Since everything has to access Norton, what you are seeing is Norton limiting or blocking that access to itself. You can quite cheerfully clear all the items in that log on a regular basis.

With the others, UDP is sort of a general call, similar to dear occupant, while your machine checks for other machines on the system, talks to the router, and talks to itself. This one is used:

When UPnP devices wish to announce themselves, or "shout out" to find out what other UPnP devices are hanging around on the network, they issue a UDP message aimed at port 1900 of the special IP address [239.255.255.250]. This special "multicast" broadcast address has been set aside for UPnP devices and will be received by all of them listening on UDP port 1900.

Re: Large numbers of UDP packet blocks & other blocks reporting

These are all normal communications that are confined to your Local Area Network. They mostly involve multicast shoutouts among the devices on your network to announce their presence to the other devices. Because you do not have file sharing enabled, Norton blocks these by default. If you were to use file sharing, where communicating with other computers on your network would be necessary, Norton would allow these in order to make it easier for the devices to find each other. In any event, these communications all use local addresses that cannot be routed on the internet, and your router prevents unsolicited traffic from the internet from ever reaching your computer. So you are completely safe and cannot be attacked from outside of your router.

The "Unauthorized Access" entry is a Norton Product Tamper Protection event. Tamper Protection prevents any outside program from accessing Norton files or processes in order to keep your protection from being disrupted or compromised. These are also normal and do not represent a threat to your system.

For an explanation of the protocols seen in your firewall logs, see the following: